CN1556636A - Character terminal monitoring system - Google Patents


Info

Publication number
CN1556636A
Authority
CN
China
Prior art keywords
agent
supervising
data
terminal
server
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2004100138018A
Other languages
Chinese (zh)
Inventor
吕军
李伟奇
薛伟生
王鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SOFTWARE SYSTEM CO Ltd OF NANJING JINYING INTERNATONAL GROUP
Original Assignee
SOFTWARE SYSTEM CO Ltd OF NANJING JINYING INTERNATONAL GROUP
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by SOFTWARE SYSTEM CO Ltd OF NANJING JINYING INTERNATONAL GROUP filed Critical SOFTWARE SYSTEM CO Ltd OF NANJING JINYING INTERNATONAL GROUP
Priority to CNA2004100138018A priority Critical patent/CN1556636A/en
Publication of CN1556636A publication Critical patent/CN1556636A/en
Pending legal-status Critical Current

Landscapes

  • Computer And Data Communications (AREA)

Abstract

The invention relates to a system for monitoring the operation screens of character terminal users, and belongs to the technical field of computer remote security monitoring. The system comprises a network consisting mainly of an AGENT, a monitoring server host and a User Console. The AGENT is installed on a server in the system; it collects, compresses and stores the monitoring data of the terminals connected to that server, and uploads the data to the monitoring server host according to a predefined policy. The monitoring server host is the center of the whole system and provides monitoring data storage and management control. The User Console is a Web-based graphical interface through which users configure the system, view recordings and carry out management tasks. The invention provides automatic system-wide monitoring, recording, centralized storage and centralized management. It can prevent or stop computer crime and safeguard the security of the information system.

Description

Character terminal monitoring system
Technical field
The present invention relates to a system for monitoring the operation screens of users of character terminals such as UNIX terminals, and belongs to the technical field of computer remote security monitoring.
Background art
As far as the applicant is aware, remote security monitoring technology for computer information has by now developed into several typical and effective technical approaches, such as physical monitoring, intrusion detection and security scanning.
With the widespread adoption of computer information systems, the level of informatization has risen rapidly. At the same time, there is a growing demand for remote monitoring systems that monitor computer system operation in real time and record and store the operations of remote business staff, in order to guard against computer crime and keep information systems running safely and stably.
To keep computer information systems running safely and stably, video surveillance is now widely used to monitor, record and preserve the activity of system personnel in real time.
However, a video surveillance system can hardly monitor every terminal screen in the system comprehensively and clearly, and it is easily defeated by methods such as covering the camera. In addition, setting up such a video surveillance system is expensive.
Summary of the invention
The object of the invention is to address the shortcomings of the prior art described above and to meet the need, beyond video surveillance, for remote monitoring and recording of terminal systems. It proposes a system that comprehensively and clearly monitors and displays terminal operation behavior on various UNIX systems and records terminal operations, namely the character terminal monitoring system, thereby guarding against operational risk, safeguarding information security, and improving system management efficiency and management practice.
The technical solution rests on the following reasoning: any action that threatens the security of a running information system must be carried out through an input/output device. In a UNIX system these devices include the main console screen and keyboard, dumb terminals connected to multi-user cards, and telnet clients connecting over the network. If the input/output information stream between the UNIX system and its terminal devices is intercepted, then compressed and encrypted for transmission, and sent to a central black box for recording and storage, with playback driven by terminal emulation software, then terminal operations across the whole system can be recorded as evidence. Monitoring and auditing this information also allows security problems in the running information system to be found promptly, prevents and deters occupational computer crime, and keeps the system running stably.
Software components for system software, databases and Web-based visual interfaces are now mature, which lays a good foundation for implementing the invention.
Overall, the character terminal monitoring system of the invention consists of the following main parts:
---AGENT (agent): installed on at least one server in the system; it collects, compresses and stores the operation monitoring data of the terminals connected to that server, and uploads the data to the monitoring server host according to a predefined policy.
In a concrete implementation there are two kinds of agent, Host Agent and Net Agent (network agent). The Host Agent resides on the monitored UNIX host, that is, on a UNIX server in the customer's business application environment. It collects the operation monitoring data of all terminals connected to that host, compresses and stores it, and uploads it to the monitoring server host according to a predefined policy; it also provides real-time synchronized remote monitoring. The Net Agent is either integrated into the monitoring server host or deployed as a standalone device. It monitors network traffic through an Ethernet port, and filters, collects, compresses and stores the terminal operation information streams and uploads them to the monitoring server host according to a predefined policy.
---Monitoring server host: the center of the whole system, providing monitoring data storage and management control. In a concrete implementation it is a sealed black box, to guarantee the security of the data. It comprises:
A. a database that stores the monitoring records collected by the Agents, after filtering and formatting;
B. a controller that formats, compresses and stores the collected terminal session data;
C. a scheduler that accepts control from the User Console, switches Agents into real-time monitoring state, and performs data management operations such as data dumps according to a predefined data storage policy;
D. a real-time alert or SNMP (Simple Network Management Protocol) interface for connecting to other systems;
E. a Web server that supports SSL (Secure Sockets Layer);
---User Console: a Web-based graphical user console through which users configure the system, view recordings and carry out management work.
Together these form a behavior monitoring platform that complements video surveillance and gives system security administrators a remote monitoring and recording facility for guarding against operational risk and discovering sudden incidents.
In operation, the Host Agent installed on a UNIX server in the business application environment collects the operation monitoring data of all terminals connected to that host, compresses and stores it, and uploads it to the monitoring server host according to a predefined policy. Alternatively, the Net Agent monitors network traffic, filters and collects the terminal operation information streams, compresses and stores them, and uploads them to the monitoring server host according to a predefined policy. The monitoring server host formats and compresses the data uploaded by the Agents and stores it in the database. The scheduler accepts control from the User Console, switches Agents into real-time monitoring state, and performs data management operations such as data dumps according to a predefined data storage policy. The monitoring server host also provides an SSL-enabled Web service for the User Console, so that all system settings and management operations can be carried out over the Web, and it can be integrated with other security management or network management systems through the real-time alert/SNMP interface. The user console is managed through a browser and supports real-time monitoring, recording, storage, query and playback of terminal users' operation screens, so that operators' mistakes and unauthorized operations can be traced and reproduced, providing the most direct and authoritative data for later evidence collection. When a fault occurs at a remote site, system maintenance staff can reproduce the site terminal's operation screen and the failure process by querying the historical operation records, and can also synchronize with the remote operator's terminal screen to help diagnose and clear the fault as quickly as possible.
The invention is thus a terminal security monitoring platform aimed at the entry points of the information system. By combining component technology, security management and security architecture technology, it achieves centralized monitoring and management, at the center, of all terminals distributed across sites. It builds a safe and reliable behavior monitoring platform that complements video surveillance, gives system security administrators a remote monitoring and recording facility for guarding against operational risk and discovering sudden incidents, and effectively monitors, displays and records terminal operation behavior on various UNIX systems, thereby guarding against operational risk, safeguarding information security, and steadily improving system management efficiency and management standards. The system is secure to administer, convenient and flexible, easy to operate, and easy to install, commission and maintain.
Compared with the prior art, the invention provides automatic system-wide monitoring, recording, centralized storage and centralized management. The recorded terminal operations are accurate and clear and can serve as evidence afterwards. Remote assistance and remote support are provided: problems can be resolved by synchronizing with the remote terminal screen in real time to help the user. Security is sufficient, and the collected data is protected by anti-tampering measures. The invention thereby fundamentally prevents and stops computer crime and guarantees the security of the information system.
The following table compares the system with a video monitoring system ("Active Eyes") and shows the essential differences:
Item compared | This system | Active Eyes
Data acquisition | The Agent intercepts the system's input/output information stream | Captured by video camera
Object managed | Screen output of UNIX terminals | Personnel activity
Storage mode | Compressed storage in a database | Generally video tape; must be digitized before it can be compressed
Transmission | Compressed transmission over the network | Multiple coaxial cables
Storage device | Centralized storage in the black box | Generally multiple video tape recorders; can be recorded to hard disk after digitization
Recording quality | Accurate and clear, easy to search | Poor recording of the terminal screen
Monitoring range | All terminals | Because there are many terminals, it is difficult to monitor all of them
Security | Ordinary users cannot make the system fail | Easily defeated by terminal repositioning or covering
Users | Operation auditors, computer network administrators | Security guards
Adaptability | Component-based platform, easy to deploy and adjust | Single function
Cost | Low | High
The invention is based on component framework technology and supports monitoring through both the Agent and the network probe modes. The Agent resides on the UNIX host of the application system. The user console is managed through a browser. Externally the system is compatible with mainstream host platforms and can be integrated with other security and network management products, so it is highly open.
The customer business application environment above is a UNIX information system in any industry; multiple Host Agents and Net Agents may be deployed within the system as circumstances require.
Description of the drawings
The invention is further described below with reference to the accompanying drawings.
Fig. 1 is a schematic diagram of the system structure of embodiment one of the invention.
Fig. 2 is a topology diagram of embodiment one shown in Fig. 1.
Fig. 3 is a topology diagram of embodiment two of the invention.
Embodiments
Embodiment one
This embodiment is a remote UNIX terminal monitoring system for a financial service system based on dumb terminals. As shown in Fig. 1, it consists of the following main parts:
---an Agent installed on the UNIX server of the user's information center and on the UNIX front-end processor of each site, connected to the monitoring server host, and comprising data acquisition and data compression/transmission components;
---a monitoring server host located at the center of the system, providing monitoring data storage and management control, in the form of a sealed black box, and comprising:
A. a database that stores the monitoring records collected by the Agents, after filtering and formatting;
B. a controller that formats, compresses and stores the collected terminal session data;
C. a scheduler that accepts control from the User Console, switches Agents into real-time monitoring state, and performs data management operations such as data dumps according to a predefined data storage policy;
D. a real-time alert or SNMP interface for connecting to other systems;
E. a Web server that supports SSL;
F. a network probe that collects terminal session data;
---a user console (User Console) through which users configure the system, view recordings and carry out management work; it runs as Web components that need no prior installation.
The system can be depicted by the topology diagram of Fig. 2; its configuration is as follows:
1. Agent---installed on the central UNIX server and on each site's UNIX front-end processor of the existing financial service system. After installation, the Agent must be configured with whether the collected data is encrypted, the data collection frequency, and the data transmission policy (real-time or scheduled). Operating systems supported by the Agent include SCO UNIX, UNIWARE, Sun Solaris, IBM AIX and HP UX. All Agents connect to a separate monitoring server over the financial service system's existing computer network.
2. Monitoring server host---installed in the information center, it is the core of the whole system. It takes the form of a sealed black box that provides separate ports for the user's production environment and for the monitoring management environment, which gives it a high level of security. The monitoring server host filters, formats, stores and searches the data, and can also host the Net Agent component.
3. User console (User Console)---a graphical user platform that runs in a browser, through which users configure rules and view terminal recordings and other related information. All management is carried out on the user console, which uses WebBrowse to emulate and replay terminal data.
The operation of the system is illustrated below using a withdrawal at a bank savings counter terminal. When the teller starts a terminal session, the Agent takes over handling of the UNIX server's terminal output. As the teller logs in, enters the customer account number and amount, confirms the withdrawal and prints the receipt, the Agent intercepts the UNIX server's terminal screen output for each operation and temporarily records the output stream to disk using lazy writes.
Meanwhile, according to the predefined data transmission policy, the Agent can compress the recorded terminal output in real time and send it to the monitoring server over the bank's existing computer network; alternatively, the Agent can periodically compress the cached data and transfer it to the monitoring server during a configured time window.
In addition, the Agent can accept a real-time monitoring instruction from the user, relayed by the monitoring server, and then compress the intercepted terminal screen output and send it to the monitoring server as fast as possible.
When the monitoring server receives data uploaded by an Agent, it unpacks, formats and encrypts the data and stores it on the monitoring server's disk. Because the monitoring server host is a black box, users cannot directly manipulate the stored terminal recording data, which improves the security of the system. Users can also periodically back up data from the monitoring server and keep it in a safe place; these backups are likewise encrypted.
When a dispute arises between a teller and a customer, the teller's operations can be checked for correctness and compliance with the bank's operating rules not only by retrieving the video recording, but also by using the user console to search the monitoring server database by time point, keyword and other conditions and to replay the teller's operations on the terminal, providing the most direct and authoritative data for later evidence collection.
In addition, when a fault occurs at a remote site, system maintenance staff can use the user console to look up the historical operation records and reproduce the site terminal's operation screen and the failure process. They can also have the monitoring server send a real-time monitoring instruction to the Agent and synchronize with the remote operator's terminal screen, helping them diagnose and clear the fault as quickly as possible.
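The capture, upload, storage and playback flow described above, as an added example in Python (not code from the patent or its applicant). The frame and batch layouts, the HMAC-SHA256 chain used for tamper evidence, and all names are assumptions; stream encryption is left out, and the terminal output is constructed sample data.

```python
import hashlib
import hmac
import re
import struct
import zlib

FRAME = struct.Struct(">dI")    # assumed frame header: timestamp (s), payload length
BATCH = struct.Struct(">16sI")  # assumed batch header: session id, sequence number
ANSI = re.compile(rb"\x1b\[[0-9;?]*[A-Za-z]")  # CSI escape sequences
ZERO_MAC = b"\x00" * 32

def seal(key, prev_mac, header, body):
    """HMAC over the previous batch's MAC plus this batch, forming a chain."""
    return hmac.new(key, prev_mac + header + body, hashlib.sha256).digest()

class Agent:
    """Buffers intercepted terminal output and emits compressed, sealed batches."""

    def __init__(self, key, session_id, flush_bytes=64):
        self.key, self.session_id, self.flush_bytes = key, session_id, flush_bytes
        self.cache = bytearray()  # stands in for the agent's lazily written disk cache
        self.prev_mac, self.seq = ZERO_MAC, 0

    def on_output(self, ts, data):
        """Record one chunk of terminal output; upload once the cache is full."""
        self.cache += FRAME.pack(ts, len(data)) + data
        return self.flush() if len(self.cache) >= self.flush_bytes else None

    def flush(self):
        """Compress the cached frames and seal them (periodic or forced upload)."""
        if not self.cache:
            return None
        body = zlib.compress(bytes(self.cache))
        self.cache.clear()
        header = BATCH.pack(self.session_id, self.seq)
        self.prev_mac = seal(self.key, self.prev_mac, header, body)
        self.seq += 1
        return header + self.prev_mac + body

class MonitoringServer:
    """Verifies, unpacks and stores batches; serves replay and keyword search."""

    def __init__(self, key):
        self.key = key
        self.sessions = {}  # session id -> next sequence, last MAC, stored frames

    def ingest(self, batch):
        header, mac, body = batch[:20], batch[20:52], batch[52:]
        sid, seq = BATCH.unpack(header)
        st = self.sessions.setdefault(sid, {"seq": 0, "mac": ZERO_MAC, "frames": []})
        # Authenticate before decompressing, so modified input is never parsed.
        expected = seal(self.key, st["mac"], header, body)
        if seq != st["seq"] or not hmac.compare_digest(mac, expected):
            raise ValueError("batch rejected: out of sequence or modified")
        raw, off = zlib.decompress(body), 0
        while off < len(raw):
            ts, n = FRAME.unpack_from(raw, off)
            off += FRAME.size
            st["frames"].append((ts, raw[off:off + n]))
            off += n
        st["seq"], st["mac"] = seq + 1, mac

    def replay_until(self, sid, t):
        """Bytes to feed a terminal emulator to reproduce the screen at time t."""
        return b"".join(d for ts, d in self.sessions[sid]["frames"] if ts <= t)

    def search(self, sid, keyword):
        """Timestamps of frames whose visible text contains keyword.
        Matches are per frame; text split across two frames is not found."""
        return [ts for ts, d in self.sessions[sid]["frames"]
                if keyword in ANSI.sub(b"", d)]

# Constructed sample: terminal output of a teller withdrawal session.
SAMPLE = [
    (0.0, b"login: teller01\r\n"),
    (2.5, b"\x1b[2J\x1b[1;1HACCOUNT: 6222-0001\r\n"),
    (6.0, b"AMOUNT: \x1b[1m500.00\x1b[0m\r\n"),
    (9.0, b"CONFIRM WITHDRAWAL? Y\r\n"),
]

def demo():
    """Run the sample session through an agent and a server."""
    key = b"demo-key-not-for-production"      # constructed shared key
    sid = b"branch07-tty03".ljust(16, b"\0")  # constructed session id
    agent, server = Agent(key, sid), MonitoringServer(key)
    batches = [b for ts, d in SAMPLE if (b := agent.on_output(ts, d))]
    if (last := agent.flush()):
        batches.append(last)
    for b in batches:
        server.ingest(b)
    return server, sid, batches, key
```

Because each batch's MAC covers the previous one, a dropped, reordered or edited batch breaks verification at the server instead of silently altering the replayed session.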
The system of this embodiment thus has the following innovations:
1. It is a terminal security monitoring platform aimed at the entry points of the information system. By combining component technology, security management and security architecture technology, it achieves centralized monitoring and management, at the center, of all terminals distributed across sites, and builds a safe and reliable behavior monitoring platform that complements video surveillance, giving system security administrators a remote monitoring and recording facility for guarding against operational risk and discovering sudden incidents.
2. It works by intercepting host input/output, so the monitored system needs no changes and the original system is not affected. The recorded terminal operations are accurate and clear. The collected data is compressed and encrypted for transmission and storage; a strong encryption engine provides thorough data integrity checking and protection against eavesdropping, greatly improving the efficiency and security of transmission and storage. Combined with host-layer and IP security measures, it can form a complete information security audit system.
3. It is used through the Web, with no separate client software to install. All monitoring communications are encrypted and strictly audited, achieving truly secure remote management.
Embodiment two
This embodiment is a remote UNIX terminal monitoring system for a financial service system based on network terminals and terminal servers. Its composition is shown in Fig. 3. The basic structure is the same as in embodiment one, with the following differences:
1. A Net Agent operating in network interception mode monitors and filters the communication data between the network terminals, the terminal servers and the UNIX host on the network. No software needs to be installed on the UNIX server, and the original system is not affected;
2. The Net Agent is included in the monitoring server host, so the data it collects is processed directly by the monitoring server and generates no network traffic.
The operation of this embodiment is similar to that of embodiment one and is not described again.
Besides the embodiments above, the invention may have other embodiments. All technical solutions formed by equivalent replacement or equivalent transformation fall within the scope of protection claimed by the invention.

Claims (7)

1. A character terminal monitoring system, comprising a network consisting mainly of an AGENT, a monitoring server host and a User Console, characterized in that:
the AGENT is installed on a server in the system, collects, compresses and stores the operation monitoring data of the terminals connected to that server, and uploads the data to the monitoring server host according to a predefined policy;
the monitoring server host is the center of the whole system, provides monitoring data storage and management control, and comprises:
A. a database that stores the monitoring records collected by the Agents, after filtering and formatting;
B. a controller that formats, compresses and stores the collected terminal session data;
C. a scheduler that accepts control from the User Console, switches Agents into real-time monitoring state, and performs data management operations such as data dumps according to a predefined data storage policy;
D. a real-time alert or SNMP (Simple Network Management Protocol) interface for connecting to other systems;
E. a Web server that supports SSL (Secure Sockets Layer);
the User Console is a Web-based graphical interface through which users configure the system, view recordings and carry out management work.
2. The character terminal monitoring system according to claim 1, characterized in that it uses a Host Agent that resides on the monitored UNIX host and performs operation monitoring of the terminals connected to that host.
3. The character terminal monitoring system according to claim 1, characterized in that it comprises a Net Agent that is integrated into the monitoring server host or deployed as a standalone device and that monitors network traffic through an Ethernet port.
4. The character terminal monitoring system according to claim 1, characterized in that two or more Host Agents and Net Agents are deployed.
5. The character terminal monitoring system according to claim 2 or 3, characterized in that the Agent intercepts the terminal screen output of the UNIX server and temporarily records the output stream to disk using lazy writes.
6. The character terminal monitoring system according to claim 5, characterized in that it comprises a monitoring server host in which the monitoring data is stored centrally and managed in a closed manner.
7. The character terminal monitoring system according to claim 6, characterized in that it comprises a User Console that uses Web Browse to emulate and replay terminal data.
CNA2004100138018A 2004-01-02 2004-01-02 Character terminal monitoring system Pending CN1556636A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2004100138018A CN1556636A (en) 2004-01-02 2004-01-02 Character terminal monitoring system

Publications (1)

Publication Number Publication Date
CN1556636A true CN1556636A (en) 2004-12-22

Family

ID=34351084

Family Applications (1)

Application Number Title Priority Date Filing Date
CNA2004100138018A Pending CN1556636A (en) 2004-01-02 2004-01-02 Character terminal monitoring system

Country Status (1)

Country Link
CN (1) CN1556636A (en)

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1972278B (en) * 2005-11-21 2011-06-15 西安大唐电信有限公司 A method for implementing safe remote video monitoring
CN100452706C (en) * 2006-06-14 2009-01-14 杭州奇智信息科技有限公司 Method and apparatus for identifying terminal command line
CN101127604B (en) * 2007-09-25 2010-06-23 中兴通讯股份有限公司 Information secure transmission method and system
CN102355497A (en) * 2011-09-28 2012-02-15 中国铁道科学研究院电子计算技术研究所 Data synchronization method
CN103258021A (en) * 2013-05-03 2013-08-21 杭州安恒信息技术有限公司 Character terminal feature data extraction method based on behavioral analysis
CN103258021B (en) * 2013-05-03 2016-02-03 杭州安恒信息技术有限公司 The character terminal characteristic extracting method that a kind of Behavior-based control is analyzed
CN103327069A (en) * 2013-05-16 2013-09-25 北京神鹰城讯科技有限公司 WEB-based remote client service support method and system
CN103327069B (en) * 2013-05-16 2016-09-21 北京神鹰城讯科技股份有限公司 Remote client's service support method based on WEB and system
CN113542048A (en) * 2020-04-21 2021-10-22 中国移动通信集团贵州有限公司 Dummy resource monitoring method and device, electronic equipment and computer readable storage medium
CN113542048B (en) * 2020-04-21 2022-07-01 中国移动通信集团贵州有限公司 Dummy resource monitoring method and device, electronic equipment and computer readable storage medium

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C02 Deemed withdrawal of patent application after publication (patent law 2001)
WD01 Invention patent application deemed withdrawn after publication